<!DOCTYPE html>
<html xmlns:th="http://www.thymeleaf.org">
<div th:replace="~{common/common::head}"></div>

<body>
<div class="layuimini-container">
    <div class="layuimini-main">
        <div class="layui-row layui-col-space15">
            <div class="layui-col-md12">
                <fieldset class="layui-elem-field layui-field-title">
                    <legend style="color: rgb(30 159 255)">登录对抗 - 凭证安全</legend>
                    <blockquote class="layui-elem-quote layui-quote-nm"
                                style="font-size: 15px;background-color: #a7deefab;box-shadow: 0 .125rem .25rem rgba(0, 0, 0, .075) !important">
                        <p>
                        <pre>  这里以JWT伪造、Session固定攻击为例……</pre>
                        </p>
                    </blockquote>
                </fieldset>
            </div>

            <div class="layui-col-md12" style="margin-top: 10px">
                <div class="layui-row layui-col-space15">
                    <div class="layui-col-md6">
                        <h1><span class="iconfont icon-bug"> 漏洞场景：JWT伪造</span></h1>
                        <div class="layui-tab layui-tab-brief">
                            <div class="layui-tab-content">
                                <div class="layui-tab-item layui-show">
                                    <blockquote class="layui-elem-quote main_btn">
                                        <form class="layui-form" style="display: flex; justify-content: space-between;">
                                            <div style="display: flex; align-items: center;">
                                                <input type="text" name="jwt" style="width: 300px;" required
                                                       lay-verify="required" placeholder="JWT"
                                                       value="eyJhbGciOiJIUzUxMiJ9.eyJzdWIiOiJhZG1pbiIsInJvbGUiOiJhZG1pbiJ9.5r10i-ydzd2PaIr8rA4yKbC-63k0v9P0HJBu2T6gNsNnWnjQC0u3VymDMeNGgl_O52CRpBw9IraUgMUZkdbYFA"
                                                       class="layui-input">
                                            </div>
                                            <div style="display: flex; align-items: center;">
                                                <a class="layui-btn layui-btn-sm" style="width: 80px; margin-left: 10px;" target="_blank"
                                                   href="/loginconfront/credential/generate-jwt?username=admin&role=admin">
                                                    生成JWT
                                                </a>


                                                <button class="layui-btn layui-btn-normal"
                                                        style="width: 100px; margin-left: 10px;"
                                                        lay-filter="vul1-credential-button" lay-submit="">
                                                    <span class="iconfont icon-zhihang">Run</span>
                                                </button>
                                            </div>
                                        </form>
                                    </blockquote>

                                </div>


                                <div class="layui-col-md12">
                                    <div class="layui-card">
                                        <div class="layui-card-header"><i class="fa fa-bullhorn icon-tip"></i>tips</div>
                                        <div class="layui-card-body layui-text layadmin-text">
                                            <pre style="color: #28333e;font-size: 15px;">test</pre>
                                        </div>
                                    </div>
                                </div>

                                <div class="layui-col-md12">
                                    <div class="layui-card">
                                        <div class="layui-card-header"><i class="fa fa-warning icon-output"></i>测试结果
                                        </div>
                                        <div class="layui-card-body layui-text layadmin-text">
                                            <pre id="vul1-credential-result"
                                                 style="color: red;font-size: 15px;"></pre>
                                        </div>
                                    </div>
                                </div>

                            </div>
                        </div>
                    </div>

                    <div class="layui-col-md6">
                        <h1><span class="iconfont icon-code"> 缺陷代码</span></h1>
                        <div class="m-auto div-shadow shadow p-3 mb-5 bg-white rounded">
                            <div class="code-editor" id="vul1Credential"></div>
                        </div>
                    </div>

                </div>
            </div>

        </div>
    </div>
</div>
</div>

<div th:replace="~{common/common::script}"></div>
<script type="text/javascript">
    document.addEventListener("DOMContentLoaded", function () {

        layui.use(['layer', 'miniTab', 'common', 'form'], function () {
            var $ = layui.jquery,
                layer = layui.layer,
                miniTab = layui.miniTab,
                common = layui.common,
                form = layui.form;
            miniTab.listen();
            layer.msg("登录对抗 - 凭证安全")

            // common.formListenFun("vul1-account-button", "", "/loginconfront/account/vul1", "vul1-account-result", "post");
            // common.formListenFun("vul2-account-button", "", "/loginconfront/account/vul2", "vul2-account-result", "post");


            form.on('submit(vul1-credential-button)', function (data) {
                event.preventDefault(); // 防止表单默认提交行为
                const jwtValue = $("input[name='jwt']").val(); // 获取输入框的值
                console.log(jwtValue)
                $.ajax({
                    url: "/loginconfront/credential/vul1", // 发送到正确的后端接口
                    type: "get",
                    headers: {
                        'Auth_Token': jwtValue // 将 JWT 值设置到 Auth_Token 请求头中
                    },
                    success: function (result) {
                        $("#vul1-credential-result").text(result.msg); // 显示返回信息
                    },
                    error: function () {
                        alert("请求发送失败！");
                    }
                });
            })


            var cmConfig = {
                lineNumbers: true,
                lineWrapping: false,
                indentUnit: 4,
                indentWithTabs: true,
                theme: 'juejin',
                styleActiveLine: {nonEmpty: true},
                fontSize: "18px",
                mode: "text/x-java"
            };

            CodeMirror(document.getElementById("vul1Credential"), Object.assign({}, cmConfig, {
                value: vul1Credential
            }));
            CodeMirror(document.getElementById("vul2Credential"), Object.assign({}, cmConfig, {
                value: vul2Credential
            }));

        });
    });


</script>

</body>
</html>
